Anyone know of or have a packer/encoder signature database?
Well, it's been a little slow around here the last couple of days. I've been off taking care of the little one and not doing much malware. However, we got a couple of massive contributions and have been working on some automation stuff, so we should have some big posts coming soon. Thanks to all the people who have been visiting, posting, contributing, etc. 2006 is looking great so far.
Hey all, I've been pretty busy with the new baby; however, I do have a request.
Anyone have a copy of the WMF construction kit?
We had a healthy baby boy born this morning at 6:57am so I'll probably not be posting much for a little while.
Have a happy new year!!
A couple of things:
To all my military / government visitors. I notice people visiting but not logging in. If you would like an account but don't want to go through the normal sign up process, or don't have a public email you can use, feel free to let me know and I'd be happy to set you up an account.
A general thing, the file upload is broken. I am working on fixing it but no luck so far. Basically when you go to upload a file and hit add you will see a bunch of errors. However, if you scroll down and hit submit, it still uploads successfully regardless of the errors. People can also just email me and I will post for them / give credit. Zip everything and password protect it with "offensivecomputing" so it will send.
Sometime today we crossed the 100k hits mark!
Not bad for a couple of weeks' time with only really 3 days being truly public.
Welcome to all the visitors.
Now about contributing some analysis, signatures, etc. :)
Val says I can start this discussion, so here I go.
A number of features appear to be missing. Apologies if it's there and I didn't see it.
-There ought to be links to the various AV sites and their analysis and name(s) for the sample. I see some of them already have aggregate scan results, those should be turned into fields and links.
-I assume the scan is done once at submission time. There should be a backend process that periodically rescans samples, to reflect changes in the signature databases.
-There ought to be a bunch more cross-reference type fields. Specific examples:
I noticed that my post finally hit Bugtraq today after several attempts. I just wanted to take a minute to welcome all the new users. (11,000 hits in the last couple of hours!)
I also wanted to mention that you have to sign up for an account in order to view the malware posts. It's free and relatively painless and I promise not to sell your e-mail to spammers :)
Please send feedback, samples, etc. !
I've been looking over the logs to get a feel for who is interested in the site.
Unsurprisingly there are lots of security companies, colleges and the like.
Interesting is the number of crazy .gov / .mil sites checking us out. Welcome guys!
I also see some of you A/V people are frequently visiting us.
I would sure like to hear your thoughts/opinions/advice.
The weirdest visitor by far?
A butter company, wtf?!?